Hillary Clinton violated federal records rules by never obtaining permission to conduct official business on private email server during her tenure as secretary state, a State Department audit concluded.

The report from the State Department’s inspector general say mentions “longstanding, systemic weaknesses” in the agency’s communications even before Clinton took office there, but it singles her out as having been a particularly bad offender for her exclusive use of private, unsecured email.

“At a minimum, Secretary Clinton should have surrendered all emails dealing with Department issues before leaving government service and, because she did not do so, she did not comply with the Department's policies that were implemented in accordance with the Federal Records Act," says the audit, which was first obtained by Politico.

The 78-page report is the culmination of a review prompted by last year’s revelations that Hillary Clinton conducted official business on a private email server, rather than the secured government servers that officials are expected to use, during her four years in the Obama administration.

The inspector general states that its findings are based on interviews with Secretary of State John Kerry, and predecessors Colin Powell, Condoleeza Rice and Madeleine Albright.

Clinton and her deputies, including Cheryl Mills and Huma Abedin, declined the inspector general’s request for interviews, Politico reported.

The report said that State Department workers are required to use "agency-authorized information systems to conduct normal day-to-day operations" because the use of other systems "creates significant security risks."

The inspector general went on to recommend that the State Department remind employees that the use of personal email accounts to conduct official business is “discouraged in most circumstances,” and improved policies to promote compliance by all employees – including the secretary of state. The State Department’s management concurred with these recommendations.

The audit is only one part of a much larger controversy. Clinton, who is the likely Democratic presidential nominee, is currently under investigation by the FBI for potentially putting highly sensitive information at risk, a fact that has become an important talking point in the election.

Clinton has contended that since most of her emails were sent to other people in the state department, she was complying with the federal law requiring the preservation of government records.

Though the FBI’s investigation is still ongoing, the inspector general’s audit casts doubt on this defense, saying that sending emails to other State Department accounts “is not an appropriate method of preserving any such emails that would constitute a federal record.”

Clinton’s use of a private email account came to light in 2013, when a hacker going by the name of Guccifer accessed the email account of her aide Sydney Blumenthal. The hacker, whose real name is Marcel Lazar, pleaded guilty to various hacking-related offenses on Wednesday.